Published on: December 16, 2020
Our websites, apps and services are designed for businesses and their representatives. We do not target consumers – individuals who seek to use products and services for their personal or household use. Accordingly, we treat all personal data we collect as pertaining to individuals in their business capacity and not their individual capacity.
Our Edge Cloud Services/Fastly as a Data Processor or Service Provider.
Fastly acknowledges that you may have the right to access your personal data. Fastly has no direct relationship with the data subjects whose personal data we process on behalf of our Customers. An individual who seeks to access, correct, amend, or delete personal data about them that we process on behalf of our Customers should direct their requests or queries to our Customer (i.e., the data controller. In addition, we will forward to the applicable Customer any request by a data subject received by Fastly regarding personal data processed on behalf of that Customer.
Fastly as a Data Controller
International Data Transfers
When Fastly operates as a data controller (i.e., when we determine the manner, purposes and means of the processing of others’ personal information), Fastly may collect from, transfer to, or process and store your personal information in the United States and other countries other than the country where you live. When we transfer personal data from the EU, Switzerland, or UK to any other country, we will do so according to an adequate mechanism of transfer.
Fastly has certified its services under the EU–U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and the European Union and Switzerland, respectively (collectively, the “Privacy Shield”). Although the Privacy Shield has been ruled invalid, Fastly adheres to the Privacy Shield Principles with respect to personal information we receive from Visitors, Customers or Attendees in the EU, the United Kingdom and Switzerland. You can view our notice of Privacy Shield self-certification here. For more information on the Privacy Shield, please visit the U.S. Department of Commerce’s Privacy Shield website.
Information that we collect from or about you includes the following:
Categories of collected personal data
Description Identification and Contact Information
Details such as name, postal address, e-mail address, or telephone number, either actively or passively, and billing information such as credit card number and tax address. Professional Information
Information that you provide when you fill in forms on our websites, such as your job title, credit card number and other contact details. Information you provide as a contributing user that is published or displayed (hereafter, referred to as “posted”) on public areas of our websites, or transmitted to other users of our websites or third parties. Your user contributions are posted and may be accessed by others at your own risk.Information you provide when applying for a job with Fastly, including your résumé. Transactional Data
Details of financial transactions you carry out through our websites or related to orders of our services, such as credit card information, or in connection with planning and hosting corporate events, such as reservations and hospitality. Technical Data
Information about your Internet connection and Internet protocol (IP) address, your login data, the equipment you use to access our websites, time zone settings and location, browser plug-in types and versions, operating system and other technology on the devices you use to access or use our websites. Marketing and Communications Data
Your preferences in receiving marketing from us and our partners and your communication preferences and consents. Your responses to surveys that we might ask you to complete for research purposes.Records and copies of your correspondence (including e-mail addresses, IRC handles, and Twitter handles), if you contact us. This information may contain contact details you include within your correspondence. Behavioral Data
Inferred or assumed information relating to your behavior and interests, based on your online activity and your use of our websites.
We do not collect any “Special Categories of Personal Data” about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offenses.
Legal Basis and Purpose for Processing Personal Data
Where we process personal data as a processor or a service provider pursuant to service contracts with our Customers, we process personal data on the instructions of the Customer, and only as necessary, appropriate and customary to provide our services.
If you are an individual located in the European Economic Area (EEA) or an individual whose personal data is protected by laws similar to the GDPR, our legal basis and purpose for collecting and using the personal data described in Section 2.1 above will depend on the personal data concerned and the specific context in which we collect it. However, we will normally collect personal data from you only where: (a) we have your consent to do so, (b) where we need the personal data to perform a contract with you (e.g. to deliver the services you have requested), or (c) where the processing is in our or a third party’s legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms). In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person.
Examples of Legitimate Basis and Purpose for Collecting Your Personal Data
In connection with your use of our services, we collect and process personal data to perform our contractual obligations related to the services that you have requested. Where we collect personal data in connection with operating our websites and services, we have a legitimate interest in ensuring our websites, services and associated networks and IT systems operate properly and securely. Where you have requested to receive information about our products, services and business or other marketing communications, then we process personal data based upon our legitimate interest in engaging in direct marketing with Visitors, Customers, Attendees, individuals and companies that have requested to receive information from us.
Where you have responded to a job posting on our websites, we collect and process personal data as part of our consideration of your application. Where we rely on your consent to process the personal data, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.
Fastly may directly collect personal data you provide us in the following ways:
When you complete forms on our websites, such as registering an account, subscribing to a service, posting a comment or applying for a job.
When you create an account to use our services or create a new user for that account.
When you complete transactions through our websites, such as fulfilling an order for our services.
When you perform search queries on our websites.
When you post messages on our websites, either in public areas or directly to other users or third parties.
When you use our publicly accessible blogs.
When you contact us outside of our websites, such as via email or Twitter.
When you request assistance from our Support team.
When you respond to surveys we ask you to complete for research purposes.
When you provide information that will be posted published or displayed on public areas of our websites.
When you transmit information to other users of our websites or third parties as a user contribution.
When you register for or attend our Marketing Activities.
As is true of most websites and services provided using the Internet, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), the referring page that you navigated to our websites from, the page that you navigated to from our websites, the files viewed on our site (e.g. HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
The information we collect automatically is statistical data, which we may associate with personal data we collect in other ways or receive from third parties. This information helps us to improve our websites and to deliver better and more personalized service.
We partner with a third party to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on our websites and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union, click here). Please note that this does not opt you out of being served ads. You will continue to receive generic ads.
In connection with operating our global caching network’s general interaction with the Internet, Fastly collects client IP address information on a limited basis to provide and improve its services. Fastly also may collect and retain for its legitimate business purposes client or Customer IP addresses associated with suspicious activity that may pose a risk to the Fastly network or our Customers, or that are associated with administrative connections to the Fastly service.
We use your information to enhance your experience using our websites and services.
We use personal data that we collect about you or that you provide to us, including any personal data about Visitors, Customers and Attendees:
To present our websites and their contents to you.
To provide you with access to our services and to maintain access controls over secured areas of our websites.
To provide you services for which you have engaged us.
To provide you with information, products, or services that you request from us, including technical instructions for implementing your service and responding to customer support and sales inquiries.
To fulfill any purpose for which you provide it.
To provide you with notices about your account and/or subscription, including expiration and renewal notices.
To notify you about changes to our websites or any products or services, which include changes to our documentation, other technical and administrative notices, security advisories and other alerts that you may subscribe for on our websites.
To provide you with information or services that you request from us.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing, collection and completing credit card transactions.
To save your preferences (including requests to not receive communications).
To allow you to participate in interactive features on our websites.
To personalize our websites to optimize your experience and match your preferences.
To send you promotional materials about our services and events, including newsletters, product updates, information about and invitations to marketing events.
To process and deliver contest or sweepstakes entries and rewards.
To plan and host Marketing Activities.
To communicate with you about corporate marketing events, which may include promotional information.
In any way we describe when you provide or we collect the information.
To comply with applicable legal and regulatory requirements.
For any other purpose with your consent.
We retain your information for as long as your account is active or as needed to provide you our services or perform our contractual obligations, unless a longer retention period is required or permitted by law. The retention period shall not exceed the duration of our business relationship with you plus (7) years unless we have a legitimate business interest need to retain the information for a longer period, which include maintaining a record of your preferences, securing the integrity of databases, conducting audits, complying with our legal and contractual obligations, resolving disputes, and enforcing our agreements.
Third-Party Service Providers
We engage third-party service providers in the operation of our business or to support our business. We consequently share information, including personal data, with these contracted third-party service providers in connection with using their services. These include cloud-based productivity and collaboration tools, customer relations management, staffing service providers, backup, storage, payment processing, analytics and other services. We also engage and share information with third-party service providers for fraud protection, credit risk reduction and payment collection associated with our accounts. Our service providers may have access to, process or store your personal data for the purpose of providing us with their contracted-for services.
Our service providers are not authorized to process your personal data for purposes other than as necessary, appropriate or reasonable to provide the service we have purchased.
We share information, including personal data, with our subsidiaries and affiliates in the operation of our global business because our subsidiaries and affiliates may provide you services under our contracts or other functions, consistent with the purposes described in Section 2.4 above.
Third Party Cookies
We may disclose your personal data to any third party with your consent.
Compliance with Laws; Law Enforcement Requests; Protection of Our Rights
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet law enforcement requirements. We may disclose personal data to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary or appropriate in order to protect our rights, property, or safety of Fastly, our Visitors, Customers or Attendees, Job Applicants, our personnel or others, to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our contracts, or as otherwise required by law.
We may share your personal data to a potential buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Fastly’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by Fastly about our websites users is among the assets transferred. We may also share your personal data with potential investors, financing sources, auditors or agents that may conduct due diligence of our business. You will be notified via email and/or a prominent notice on our websites of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
Our services permit you to refer our services to other people, including, for instance, to add users to your account. If you provide us with contact information for persons you would like to refer, we will communicate with the referred persons and may disclose you as the source of the referral. If you believe that one of your contacts has provided us with your personal data and you would like to request that it be removed from our databases, please contact us at email@example.com.
Our website includes a community forum and other interactive features. When interacting in the community form, your account is publicly accessible unless you change the privacy settings of your profile through your account portal.
Some content or applications are served by third parties, including advertisers, ad networks and servers, content providers, and application providers who may collect your information as you interact with those parties through our websites.
This collection can occur under the following circumstances:
When you log in to our websites using sign-in services such as Facebook Connect or an Open ID provider.
When you use social media features, such as the Facebook Like button, and widgets, such as the Share button or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our websites, and may set a cookie to enable the feature to function properly. These social media features are either hosted by a third party or hosted directly on our websites.
You can log in to our websites using sign-in services such as Facebook Connect or an Open ID provider. These services authenticate your identity and provide you the option to share certain personal data with us such as your name and email address to pre-populate our sign up form. Services like Facebook Connect give you the option to post information about your activities on our websites to your profile page to share with others within your network.
These third parties may also use automatic data collection technologies such as cookies or beacons to collect information about you when you use our websites, your online activities, and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you. If you provide us personal data about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. If we receive personal data about individuals from a third party in order to engage in marketing of our services, then we will market to those individuals only in their capacity as representatives of companies we wish to sell to and we will present you an opportunity to opt-out of future communications.
Examples of the types of personal data that may be obtained from public sources or purchased from third parties and combined with information we already have about you, may include:
Contact information about you, including your name, email address telephone number, from third party sources to verify your address so we can properly prevent fraud or communicate with you; or
Data purchased from third parties, such as social networking sites and conference attendee lists, that is combined with information we already have about you, to create more tailored advertising and products. If you receive a marketing communication or promotion from us, you may opt-out of these communications at any time by clicking the unsubscribe link provided in the email or by sending a request to firstname.lastname@example.org.
You can use certain web browser and opt-out options to limit the personal data you provide us. We cannot guarantee the effectiveness of these third-party controls.
The following mechanisms are in place to provide control over your information by:
Opting out. If you have subscribed to our newsletter(s), you can choose to stop receiving marketing emails, such as our newsletter or new product announcements, by following the unsubscribe instructions included in these emails or by contacting us at email@example.com .
If you want to review, delete, or change your personal data, you can log in to the appropriate website and visit your account profile page. After you log in, you can send us an e-mail at the address noted in the Contact Information section below to request access to, correction of, or deletion of any personal data that you provided to us. You can also request the closure of your account within your account settings. If we fulfill your request to close your account, we will remove your user account from our active database and your account will be archived as an inactive account. We retain your account information in accordance with our retention policy as described above in Section 2.5 and in order to maintain a record of your preferences, to secure the integrity of applicable databases, conduct audits, comply with our legal and contractual obligations, resolve disputes, and enforce our agreements.
To remove your personal data from our blog, please follow the instructions to remove posts or delete your user account. If you want your personal data removed from other places on our websites, please contact us via the information supplied in the Contact Information section below.
Upon request, we will provide you with information about whether we hold, or process on behalf of a third party, any of your personal data or if we have retained your personal data after the closure of your account. To request this information please contact us via the information supplied in the Contact Information section below. We will respond to your request within the timeframe specified by applicable law.
If you need to report abuse, please contact us by email at firstname.lastname@example.org.
We have implemented measures designed to secure your personal data from accidental loss and from unauthorized access, use, alteration, and disclosure.
Information you provide to us is stored on our secure servers behind firewalls. Any sensitive information is encrypted using Transport Layer Security (TLS) (sometimes referred to as Secure Sockets Layer or SSL).
You must also make sure that your personal data is safe and secure. Even if we give you (or you have chosen) a password for access to certain parts of our websites, you are responsible for keeping this password confidential. Do not share your password with anyone. We urge you to be careful about giving out information in public areas of our websites, for example, message boards. The personal data you share in public areas may be viewed by any user of our websites.
Information that is transmitted via the Internet is not completely secure. We cannot guarantee the security of your personal data transmitted to our websites. Any transmission of personal data is at your own risk. We are not responsible if you circumvent any privacy settings or security measures on our websites.
We limit access to certain pages on our websites and allow you to set certain privacy settings via your account profile; however, be aware that no security measures are perfect or impenetrable.
Additionally, we cannot control the actions of other users of our websites with whom you may choose to share your user contributions. Given that, we cannot and do not guarantee that your user contributions will not be viewed by unauthorized persons.
Our websites are not intended for children under 16 years of age. No one under age 16 may provide any personal data to or on the websites.
We do not knowingly collect personal data from children under 16. If you are under 16, do not use or provide any information on our websites or on or through any of their features, register on the websites, make any purchases through the websites, use any of the interactive or public comment features of our websites or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use. If we learn we have collected or received personal data from a child under 16, we will delete that information immediately.
If you believe we might have any information from or about a child under 16, please contact us via the Contact Information section below.
California Civil Code Section § 1798.83 permits users of our websites that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please send an e-mail or write us at our mailing address noted in the Contact Information section below.
or Fastly, Inc., Attn: General Counsel and SVP of Trust, 475 Brannan St, Suite 300 San Francisco, CA 94107.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you may contact our U.S.-based third party dispute resolution provider (free of charge) at: https://feedback-form.truste.com/watchdog/request.